Portable device and method for accessing data key actuated devices

ABSTRACT

Data key actuated devices such as high security doors are modified so that they periodically transmit an identity pattern. An authorized user is provided with a portable access device storing keys for a number of such key actuated devices, with each key associated with an identity pattern for that device. The portable access device has a stored template comprising a fingerprint of the authorized user combined with a verification code. When the authorized user applies their fingerprint to the portable access device the verification code is returned which allows verification of the user. If the access device then receives a key actuated device identifier matching one in storage, the associated access key is retrieved and transmitted to the key actuated device to allow access to the user.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation-in-part of application Ser. No. 09/078,396, filed May 13, 1998, now U.S. Pat. No. 6,353,889.

FIELD OF THE INVENTION

This invention relates to a method for accessing data key actuated devices, a portable device for accessing such key actuated devices, and a secure access system.

BACKGROUND OF THE INVENTION

Access to an increasing number of devices is controlled by data access keys. For example, access to an automated teller machine (ATM) is controlled by keypad entry of an appropriate personal identification number (PIN). Similarly, access to high security doors may be controlled by keypad entry of a pass code. Access to security systems, computer networks, and voice mail systems is also typically pass code controlled. As the number of devices which demand an access key for access increases, it becomes more difficult for a user to recall all the necessary access keys. Furthermore, the security of such key actuated devices may be compromised if the access key is not maintained in strict secrecy by the authorized user.

This invention seeks to overcome drawbacks of known security systems.

SUMMARY OF THE INVENTION

According to the present invention, there is provided a method for accessing data key actuated devices, comprising: receiving a key actuated device identifier from a key actuated device; receiving a biometric; determining whether said received biometric is an authorized biometric; comparing said received key actuated device identifier with stored key actuated device identifiers and, on finding a matching stored key actuated device identifier and where said received biometric is an authorized biometric, retrieving a stored access key associated with said matching stored key actuated device identifier; and transmitting said retrieved access key.

According to another aspect of the invention, there is provided a portable electronic access device comprising: a biometric input; a verifier responsive to said biometric input for verifying that a biometric which is input to said biometric input matches an authorized biometric and providing a verification indication; a memory storing a plurality of access keys, each for use in accessing a key actuated device and a plurality of key actuated device identifiers, each associated with one of said plurality of access keys; a receiver for receiving a key actuated device identifier; a comparator for, responsive to a verification indication from said verifier, comparing a key actuated device identifier received from a key actuated device with said stored key actuated device identifiers and, on finding a matching stored key actuated device identifier, retrieving a stored access key associated with said matching stored key actuated device identifier; and a transmitter for transmitting a retrieved access key.

BRIEF DESCRIPTION OF THE DRAWINGS

In the figures which illustrate an example embodiment of the invention,

FIG. 1 is a block diagram of a secure access system made in accordance with this invention, and

FIG. 2 is a flow diagram for operation of the process of FIG. 1.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Turning to FIG. 1, a secure access system 10 comprises a data key actuated device 12 and a portable key access device 14. The key actuated device 12 could be a high security (vehicle or installation) door, an ATM, a security system, a computer network, a voice mail system or any other device requiring a data key for access. The key access device 14 comprises a processor 20 connected for two-way communication with a transceiver 22 and for two-way communication with a memory 24. The processor also receives signals from fingerprint input 26. Memory 24 is non-volatile and stores a plurality of access keys, each for use in accessing a key actuated device. The memory also stores a plurality of key actuated device identifiers, each associated with one of the plurality of stored access keys. The transceiver 22 is wireless and may communicate with the key actuated device via radio transmissions or infrared transmissions. The key access device 14 is portable and preferably battery powered. A switch (not shown) may disconnect the battery when the device is not in use to conserve battery power.

In order to use the portable access device, a user must first be enrolled. To effect enrollment, the user must pass a digitized copy of their fingerprint to an enrollment computer. This may be accomplished by the user applying their finger to the fingerprint input 26 of the access device 14 when the device is connected via a port (not shown) to the enrollment computer, so that the processor 20 of the access device is prompted to pass along the digitized fingerprint image to the enrollment computer. Alternatively, the user may apply their fingerprint directly to a fingerprint input associated with the enrollment computer. This computer then calculates a template from the user's fingerprint which is an encrypted combination of the fingerprint with a verification code. Suitable techniques for obtaining such templates from a fingerprint and a code, and for recovering a code from such a template, are described in U.S. Pat. No. 5,680,460 entitled BIOMETRIC CONTROLLED KEY GENERATION to Tomko et al., the contents of which are incorporated by reference herein. This template is then downloaded to the portable access device and stored in memory 24. Further, the enrollment computer stores a verification indication at an address in memory 24 indicated by the verification code. Enrollment is then completed.

Operation of the system 10 of FIG. 1 is described with reference to FIG. 1 and to FIG. 2, which illustrates program control for processor 20. Key actuated device 12 periodically transmits a device identifier. It is generally preferred that the time between such transmissions is no more than about five seconds; the range of these transmissions is preferably about two meters. When the portable access device 14 is brought within range of the transmissions of the key actuated device and is turned on, transceiver 22 will receive these transmissions and pass along the key actuated device identifier to processor 20 (block 50). If the user of the portable access device then applies their fingerprint to fingerprint input 26, the fingerprint image is also received by processor 20 (block 52).

The processor may then determine whether the fingerprint which was input is that of the authorized user. This is accomplished by the processor retrieving the template stored in memory 24 on enrollment and combining this with the newly input fingerprint from input 26. The resulting verification code is used as a memory address to memory 24. If the processor finds a verification indication at this memory address in memory 24, then the biometric is considered to be authorized (block 54). In such case, the processor compares the received key actuated device identifier with key actuated device identifiers in memory. On a match being found (block 56), the processor passes a valid user indication to transceiver 22 for transmission to the key actuated device 12 (block 58). This valid user indication could comprise the verification code, or an encrypted version of same. Additionally, the processor retrieves the access key from memory 24 which is associated with the matching key actuated device identifier (block 60).

When the key actuated device 12 receives a valid user indication from access device 14, it transmits a one time temporary encryption key. This is received by transceiver 22 and passed to processor 20. Processor 20 uses the temporary key to encrypt the retrieved access key (block 62). The encrypted access key is then passed to the transceiver 22 and transmitted to the key actuated device (block 64). The key actuated device uses a decryption key to recover the decrypted access key and, if the resulting decrypted key is a valid key, allows access to the user. Where the key actuated device is a high security door, this results in the door being unlocked. Where the key actuated device is an ATM, this would allow the user access to the device via a keypad which could be provided on the portable access device 14.
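As an added illustration (not code from the patent), the following Python model walks through blocks 50 to 64 with both sides as objects: the key actuated device broadcasts its identifier and issues a one-time temporary key only after receiving a valid user indication, while the access device recovers the verification code from its template, looks up the verification indication, matches the identifier and sends the access key encrypted under the temporary key; it also includes the consecutive-failure shutdown the description mentions later. The exact-match XOR template standing in for the cited Tomko-style template, the 32-byte keys, the one-time-pad use of the temporary key, and the hashed verification code as the valid user indication are all assumptions of this model.

```python
import hashlib
import hmac
import secrets

# Assumption: exact-match stand-in for the Tomko-style template the patent cites.
# XOR of the code with a hash of the fingerprint; only the enrolled print returns it.
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_template(fingerprint: bytes, code: bytes) -> bytes:
    """Enrollment computer: combine the fingerprint with the verification code."""
    return _xor(code, hashlib.sha256(fingerprint).digest()[: len(code)])

def recover_code(template: bytes, fingerprint: bytes) -> bytes:
    """Access device: combine a presented fingerprint with the stored template."""
    return _xor(template, hashlib.sha256(fingerprint).digest()[: len(template)])

class KeyActuatedDevice:
    """Door/ATM side: broadcasts its identifier and issues one-time temporary keys."""
    def __init__(self, identifier: bytes, valid_access_key: bytes):
        self.identifier = identifier
        self.valid_access_key = valid_access_key  # assumed 32 bytes
        self.temp_key = None  # set only between valid-user indication and key receipt

    def broadcast(self) -> bytes:
        return self.identifier  # periodic identifier transmission (block 50)

    def on_valid_user(self, indication: bytes) -> bytes:
        self.temp_key = secrets.token_bytes(32)  # fresh one-time temporary key
        return self.temp_key

    def on_access_key(self, encrypted_key: bytes) -> bool:
        if self.temp_key is None:
            return False  # no valid-user indication preceded this: reject
        recovered = _xor(encrypted_key, self.temp_key)
        self.temp_key = None  # temporary key is single-use
        return hmac.compare_digest(recovered, self.valid_access_key)  # grant/deny

class PortableAccessDevice:
    """Device 14: memory 24 holds the template, verification indication and keys."""
    MAX_FAILURES = 3  # consecutive failed verifications before shutdown

    def __init__(self, template: bytes, code: bytes, access_keys: dict):
        self.template = template
        self.memory = {code: b"VALID"}  # indication stored at address = code
        self.access_keys = access_keys  # device identifier -> access key
        self.failures = 0
        self.shut_down = False

    def verify(self, fingerprint: bytes):
        """Block 54: return the verification code, or None if not authorized."""
        if self.shut_down:
            return None
        code = recover_code(self.template, fingerprint)
        if self.memory.get(code) == b"VALID":
            self.failures = 0
            return code
        self.failures += 1
        self.shut_down = self.failures >= self.MAX_FAILURES
        return None

    def access(self, device: KeyActuatedDevice, fingerprint: bytes) -> bool:
        identifier = device.broadcast()                      # block 50
        code = self.verify(fingerprint)                      # blocks 52, 54
        if code is None or identifier not in self.access_keys:
            return False                                     # block 56 fails
        temp_key = device.on_valid_user(hashlib.sha256(code).digest())  # block 58
        access_key = self.access_keys[identifier]            # block 60
        return device.on_access_key(_xor(access_key, temp_key))  # blocks 62, 64
```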

It will be apparent that since the access device 14 stores a number of key actuated device identifiers and associated access keys, device 14 may be carried around by an authorized user and used to gain access to a number of different key actuated devices without the need for the user to memorize a plurality of pass codes.

The portable access device may be used with an existing key actuated device by modifying the device to incorporate a transceiver and programming the processor of the key actuated device so that the device functions in the manner described.

A number of modifications to the system as described are possible. For example, the valid user indication may be transmitted as soon as an authorized fingerprint is received by the access device 14, in advance of determining whether the received key actuated device identifier matches one of the stored identifiers.

Optionally, for lower security applications, the portable access device does not transmit a valid user indication, nor does the key actuated device transmit any temporary keys. Instead, for such applications, on access device 14 determining that an authorized user has applied their fingerprint to the input and on finding an access key for the key actuated device, this access key is transmitted in unencrypted form to the key actuated device.

Another option is for the key actuated device 12 to send a “medium security” indicator when it wants the access device 14 to send a verification code and receive a temporary key for encrypting the access keys prior to transmission, and to send a “low security” indicator, or no security indicator, when it wants the access device 14 to follow the described low security option.

A high security option is for the access keys to be encrypted in the access device 14. To accomplish this option, on enrollment, as well as forming a template from the user's fingerprint and a verification code, a template is formed from the user's fingerprint and a special key. The special key is then used to encrypt each access key. In operation, when the access device 14 receives a key actuated device identifier and a user's fingerprint, it retrieves any associated encrypted access key and both templates. If the fingerprint is that of the authorized user, the fingerprint successfully returns the verification code from the one template. This results in the access device 14 sending a verification indication to the key actuated device 12. The key actuated device responds by sending a temporary encryption key. The access device then uses the fingerprint to return the special key from the other fingerprint template, and the special key is then used to decrypt the access key. The access device 14 next uses the temporary key to encrypt the access key and sends the encrypted access key to the key actuated device 12.

It will be obvious to those skilled in the art that the transmission of the retrieved access key may be protected by other cryptographic means. For example, a Public Key Infrastructure (PKI) may be used, such that the retrieved access key is first digitally signed using the private key of the user (synonymous with the special key above), and then encrypted using the public key of the key actuated device (synonymous with the temporary key above). This encrypted data package is then sent to the key actuated device. The user can thus be assured that only the appropriate authority can properly use the transmitted data (as only they have the private key of the key actuated device to decrypt the data), and the key actuated device can correspondingly ensure that the authorized user was present (by verifying the digital signature of the retrieved access key using the public key of the user). This provides strong mutual authentication between the actual user of the system and the key actuated device (rather than only between the portable access device and the key actuated device), as the digital signature can only be initiated subsequent to the user providing positive biometric authentication. This embodiment provides for not only a secure transmission line between the electronic access device and the key actuated device, but also provides a high degree of transaction accountability as the user must be present to initiate digital signing.

Other methods for the secure transmission of the retrieved access key will be obvious to those skilled in the art.

While in the described embodiment the user is authorized solely at the portable access device, it would be possible for the key actuated device to participate in this authorization. More particularly, on enrollment, the enrollment computer could simply pass the template to the portable access device and not the verification indication. In such instance, when a biometric is input to the access device, a verification code is returned and this code is passed directly (in encrypted or unencrypted form) to the key actuated device. The key actuated device could then pass the code to a central database which would use it to look up whether the code was indicative of a valid user. If so, the key actuated device would prompt the access device to continue. Further, the key actuated device would only respond to any key transmitted by the access device where the key actuated device determined the user was authorized.

In circumstances where the access device is to transmit a valid user indication and the key actuated device is to respond with a temporary key, the valid user indication is conveniently the (encrypted or unencrypted) recovered verification code and the prompt from the key actuated device is conveniently the temporary key.

While device 14 is shown for use with a fingerprint input, equally any other user biometric could be employed. For example, access device 14 could scan an iris of a user.

Since any biometric verification device will have a non-zero false acceptance rate, preferably the key access device 14 is programmed to shut down or broadcast an alarm code after a pre-determined number of consecutive failed verification attempts by a user.

Other modifications will be apparent to those skilled in the art and, therefore, the invention is defined in the claims.

CLAIMS

1. A method for accessing data key actuated devices, comprising: receiving a key actuated device identifier from a key actuated device; receiving a biometric; determining whether said received biometric is an authorized biometric; comparing said received key actuated device identifier with stored key actuated device identifiers and, on finding a matching stored key actuated device identifier and where said received biometric is an authorized biometric, retrieving a stored access key associated with said matching stored key actuated device identifier; encrypting said retrieved access key; and transmitting said retrieved access key.
2. The method of claim 1 further comprising: receiving a temporary key; and wherein said encrypting said retrieved access key comprises encrypting said retrieved access key with said temporary key prior to transmission of said retrieved access key.
3. The method of claim 2 further comprising: responsive to determining said received biometric is an authorized biometric, initially transmitting a valid user indication.
4. The method of claim 3 wherein said temporary key is received subsequent to transmitting said valid user indication.
5. The method of claim 4 wherein said initially transmitting a valid user indication is dependent upon finding a stored key actuated device identifier matching said received key actuated device identifier.
6. The method of claim 2 wherein each said stored access key is encrypted and including performing a decryption operation on a retrieved access key prior to encrypting said retrieved access key with said temporary key.
7. The method of claim 6 wherein each said stored access key is encrypted with a special key and wherein said performing a decryption operation comprises retrieving a template and attempting to recover said special key from said template utilizing said received biometric.
8. The method of claim 1 further comprising retrieving a template and attempting to recover a special key from said template utilizing said biometric, said special key for use in performing a cryptographic operation.
9. The method of claim 8 wherein said cryptographic operation involves at least one said access key.
10. The method of claim 3 wherein said initially transmitting a valid user indication is dependent upon finding a stored key actuated device identifier matching said received key actuated device identifier.
11. The method of claim 1 wherein said determining whether said received biometric is an authorized biometric comprises utilizing a template comprising said authorized biometric and a verification code such that presence of said biometric allows recovery of said verification code.
12. A portable electronic access device comprising: a biometric input; a verifier responsive to said biometric input for verifying that a biometric which is input to said biometric input matches an authorized biometric and providing a verification indication; a memory storing a plurality of access keys, each for use in accessing a key actuated device and a plurality of key actuated device identifiers, each associated with one of said plurality of access keys; a receiver for receiving a key actuated device identifier and a temporary key; a comparator for, responsive to a verification indication from said verifier, comparing a key actuated device identifier received from a key actuated device with said stored key actuated device identifiers and, on finding a matching stored key actuated device identifier, retrieving a stored access key associated with said matching stored key actuated device identifier; and a transmitter for transmitting a retrieved access key.
13. The device of claim 12 wherein said stored access keys are encrypted and including a decrypter for decrypting a retrieved access key prior to said access key being transmitted by said transmitter.
14. The device of claim 12 wherein said memory is also for storing a special key template, said access keys are encrypted with a special key and said decrypter is responsive to said biometric input to perform a special key recovery operation on said special key template utilizing said input biometric and a subsequent decrypting operation on said retrieved access key utilizing a recovered special access key.
15. The device of claim 12 wherein said memory is also for storing a special key template comprising said authorized biometric and a special key, said special key for use in performing a cryptographic operation.
16. The device of claim 12 wherein said verifier is for accessing a stored template comprising said authorized biometric and a verification code, for attempting to recover said verification code from an input biometric and for using said verification code to obtain said verification indication.
17. The device of claim 12 including an encrypter for encrypting said retrieved access key with said temporary key prior to transmission of said retrieved access key by said transmitter.
18. The device of claim 12 wherein said transmitter is also for initially transmitting a valid user indication in response to said verifier providing said verification indication.
19. The device of claim 17 wherein said transmitter is also for initially transmitting a valid user indication in response to said verifier providing said verification indication and wherein said temporary key is received after said transmitter has transmitted said valid user indication.
20. The device of claim 12 wherein said receiver comprises one of a radio receiver and an infrared receiver and said transmitter comprises one of a radio transmitter and an infrared transmitter.
21. A secure access system, comprising: a data key actuated device for periodically transmitting a key actuated device identifier; a portable access device comprising: a biometric input; a verifier responsive to said biometric input for verifying that a biometric which is input to said biometric input matches an authorized biometric and providing a verification indication; a memory storing a plurality of access keys, each for use in accessing a key actuated device and a plurality of key actuated device identifiers, each associated with one of said plurality of access keys; a receiver for receiving said key actuated device identifier and a temporary key; a comparator for, responsive to a verification indication from said verifier, comparing a key actuated device identifier received from said key actuated device with said stored key actuated device identifiers and, on a match, retrieving an access key associated with said matching stored key actuated device identifier; and a transmitter for transmitting a retrieved access key to said key actuated device.
22. The system of claim 21 wherein said access device includes an encrypter for encrypting said retrieved access key with said temporary key prior to transmission of said retrieved access key by said transmitter.
23. The system of claim 21 wherein said transmitter is also for initially transmitting a valid user indication in response to said verifier providing said verification indication to said access device and wherein said key actuated device is also for, responsive to receiving said valid user indication, transmitting said temporary key.
24. The system of claim 21 wherein said memory is also for storing a template and wherein said verifier is also for attempting to recover a special key from said template utilizing said biometric, said special key for use in performing a cryptographic operation.
25. The system of claim 21 wherein said transmitter is a radio transmitter and said receiver is a radio receiver.
26. The system of claim 21 wherein said verifier is for accessing a stored template comprising said authorized biometric and a verification code, for attempting to recover said verification code from an input biometric and for using said verification code to obtain said verification indication.
27. The method of claim 1 wherein said transmitting is wireless transmitting.
28. The device of claim 12 wherein said transmitter is a wireless transmitter.